Written by 3:10 PM Information Security

Week 34 – What’s happening in InfoSec – by Rishauna Gunning

Knock Knock !! Let’s talk about what’s new this week.

 

Data scraping firm leaks 235m Instagram, TikTok, YouTube user records.

According to researchers, the trove of data was left for public access without any security authentication.

https://www.hackread.com/data-scraping-firm-leaks-instagram-tiktok-youtube-records/

 

AI firm exposes 2.5 million sensitive medical records online.

2.5 million medical records containing sensitive and confidential data have been exposed by a New York-based artificial intelligence company called Cense. Jeremiah Fowler a researcher and co-founder of Security Discovery on 7th July discovered the exposed data potentially risking millions of lives and identities openly.

https://www.hackread.com/ai-firm-exposes-sensitive-medical-data-online/

 

XCSSET Malware targets macOS by infecting Xcode developer projects.

Newly discovered malware by Trend Micro targets the macOS system by spreading via Xcode developer projects. Researchers explain the exploit as ‘two zero-day vulnerabilities’ wherein, the first one steals cookies through a flaw in the data vaults behaviour and the second one abuses the development version of the Safari browser.

https://www.hackread.com/xcsset-malware-macos-infects-xcode-developer-projects/

 

Volume of Stolen Cards on Dark Web Drops 41%.

The volume of stolen payment cards up for sale on the dark web has plummeted in the first half of 2020 thanks in part to changing shopping patterns driven by COVID-19, according to Sixgill.

https://www.infosecurity-magazine.com/news/volume-of-stolen-cards-on-dark-web/

 

Phone hack traumatizes neighbours’ actresses.

Australian actress Olympia Valance has fallen victim to a “traumatizing” phone hack that resulted in private images being shared without her consent.

https://www.infosecurity-magazine.com/news/phone-hack-traumatizes-neighbours/

 

SpyCloud Raises $30m in Funding to Tackle Surge in Online Fraud During #COVID19.

Cybersecurity firm SpyCloud has raised $30m from a Series C round of funding as it looks to further develop its fraud detection and prevention capabilities.The new investment was led by Centana Growth Partners and included contributions from M12 (Microsoft’s venture fund), Altos Ventures, Silverton Partners and March Capital Partners.

https://www.infosecurity-magazine.com/news/spycloud-raises-funding-surge/

 

Looting Causes Data Breach at Walgreens.

The personal health information (PHI) of over 72,000 Walgreens customers has been exposed after looters broke into nearly 200 stores and stole prescriptions.

https://www.infosecurity-magazine.com/news/looting-causes-data-breach-at/

 

Phishing Scam Targets Asda Shoppers.

Supermarket shoppers in the UK have been targeted by a phishing scam run via the social networking sites Facebook and Twitter. Unscrupulous scammers ran sponsored adverts on the sites offering women who were born in October a free £1000 gift card to spend at Asda.

https://www.infosecurity-magazine.com/news/phishing-scam-targets-asda-shoppers/

 

Over 43,000 Phishing Emails Slip Through NHS Security Filters.

More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed.

https://www.infosecurity-magazine.com/news/43000-phishing-emails-slip-through/

 

GCHQ: Don’t Fall For ‘Celebrity-Backed’ Investment Scams.

More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed.

https://www.infosecurity-magazine.com/news/43000-phishing-emails-slip-through/

 

Smart-Lock Hacks Point to Larger IoT Problems.

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.

https://www.darkreading.com/vulnerabilities—threats/smart-lock-hacks-point-to-larger-iot-problems/d/d-id/1338715?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 

7 Ways to Keep Your Remote Workforce Safe.

These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.

https://www.darkreading.com/risk/7-ways-to-keep-your-remote-workforce-safe/d/d-id/1338630?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 


Rishauna Gunning from Jamaica contributed this article. Rishauna is a member of WISC (Women in InfoSec Caribbean), a Discord group from the G5 Cyber Security Foundation Ltd. Learn more about WISC  at wiscaribbean.org. WISC is a non-profit initiative supporting Caribbean women and girls to develop a career in Information Security.

Close